> Security considerations are not a bad thing and I would support that,
Good.
> however I think that a discussion of the use of the metadata property
> with respect to WS-policy and how it fits with respect to any other
> policy expression would worry me very much.
But it is certainly the responsibility of WSA to make explicit that it is
creating a new potential source of conflict, and that there are
non-obvious security implications. Right?
/r$
--
STSM
Senior Security Architect
DataPower SOA Appliances